X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=gpgsigs%2Fgpgsigs;h=50505d24251bbb6c58f62c0a25af78dc41b38c4a;hb=HEAD;hp=7da3c1f1606f156c43a92241cd8bd9f79f8e05ef;hpb=4b2d0f37c3699d65dd84ed590b61d1c038e722e1;p=pgp-tools.git diff --git a/gpgsigs/gpgsigs b/gpgsigs/gpgsigs index 7da3c1f..50505d2 100755 --- a/gpgsigs/gpgsigs +++ b/gpgsigs/gpgsigs @@ -17,8 +17,10 @@ # * support for multiple user keys # * better charset conversion # * pod documentation +# see the Debian changelog for further changes. my $VERSION = qq$Rev$; +$ENV{PATH} .= ":/usr/share/signing-party"; use strict; use warnings; @@ -35,7 +37,7 @@ sub version($) gpgsigs $VERSION- http://pgp-tools.alioth.debian.org/ (c) 2004 Uli Martens (c) 2004, 2005 Peter Palfrader - (c) 2004, 2005 Christoph Berg + (c) 2004, 2005, 2006, 2007 Christoph Berg EOF } @@ -53,17 +55,21 @@ separate multiple keyids with ',' -r call gpg --recv-keys before proceeding -f convert from charset -t convert UIDs to charset in output +--refresh regenerate UID lists on keys +--latex generate LaTeX output including photo IDs EOF exit $error; } -my ($fromcharset, $charset, $recv_keys); +my ($fromcharset, $charset, $recv_keys, $refresh, $latex); Getopt::Long::config('bundling'); GetOptions( '-f=s' => \$fromcharset, '-t=s' => \$charset, r => \$recv_keys, + refresh => \$refresh, + latex => \$latex, help => sub { usage(*STDOUT, 0); }, version => sub { version(*STDOUT); exit 0;}, ) or usage(*STDERR, 1); @@ -76,44 +82,19 @@ $charset = "ISO-8859-1" unless $charset =~ /[\.-]/; $charset =~ s/.*\.//; $charset =~ s/@.*//; -my ($rf, $rt, $if, $it); -if (eval "require Locale::Recode") { - $rf = Locale::Recode->new (from => $fromcharset, to => $charset) if $fromcharset; - $rt = Locale::Recode->new (from => 'UTF-8', to => $charset); -} elsif (eval "require Text::Iconv") { - $if = Text::Iconv->new($fromcharset, $charset) if $fromcharset; - $it = Text::Iconv->new("UTF-8", $charset); -} -sub myfromrecode($) { - my ($text) = @_; - if (defined $rf) { - my $orig = $text; - $rf->recode($text); - return $text; - } elsif (defined $if) { - return $if->convert($text); - } else { - my $pid = open3(\*WTRFH, \*RDRFH, \*ERRFH, 'recode', "$fromcharset..$charset"); - print WTRFH $text; - close WTRFH; - local $/ = undef; - my $result = ; - close RDRFH; - close ERRFH; - waitpid $pid, 0; - die ("'recode' failed, is it installed?\n") unless defined $result; - return $result; - } -} +sub myrecode($$$) { + my ($text, $from, $to) = @_; + + if (eval "require Locale::Recode") { + my $rt = Locale::Recode->new (from => $from, to => $to); -sub myrecode($) { - my ($text) = @_; - if (defined $rt) { my $orig = $text; $rt->recode($text); return $text; - } elsif (defined $it) { + } elsif (eval "require Text::Iconv") { + my $it = Text::Iconv->new($from, $to); + my $result = $it->convert($text); warn ("Could not convert '$text'\n") unless defined $result; return (defined $result) ? $result : $text @@ -133,12 +114,12 @@ sub myrecode($) { # parse options -my $mykey = uc(shift @ARGV); +my @mykeys = split /,/, uc(shift @ARGV); my $keytxt = (shift @ARGV) || usage(*STDERR, 1); my $outfile = (shift @ARGV) || '-'; -my @mykeys = split /,/, $mykey; map { s/^0x//i; } @mykeys; +my %uids = map { $_ => [] } @mykeys; if (!@mykeys || scalar @ARGV) { usage(*STDERR, 1); @@ -169,18 +150,43 @@ if ($recv_keys) { } print STDERR "Running --list-sigs, this will take a while "; -open SIGS, "gpg --fixed-list-mode --with-colons --list-sigs @keys 2>/dev/null |" +open SIGS, "gpg --fixed-list-mode --with-colons --list-sigs @mykeys @keys 2>/dev/null |" or die "can't get gpg listing"; -my ($key, $uid, $sigs); +my ($key, $uid, $sigs, $photocount); while () { if ( m/^pub:(?:.*?:){3,3}([0-9A-F]{16,16}):/ ) { $key = $1; print STDERR "."; + undef $photocount; next; } - if ( m/^uid:(?:.*?:){8,8}(.*):/s ) { - $uid = myrecode($1); + if ( m/^uid:(.):(?:.*?:){7,7}(.*):/s ) { + my $uidstatus = $1; + $uid = $2; + $uid =~ s/\\x([0-9a-f][0-9a-f])/ chr(hex($1)) /gie; + $uid = myrecode($uid, "UTF-8", $charset); + + my ($shortkey) = substr $key, -8; + # Remember non-revoked uids + next if $uidstatus eq "r"; + push @{$uids{$shortkey}}, $uid; + next; + } + if ( m/^uat:(.)::::[^:]+::([0-9A-F]+)::\d+ (\d+)/ ) { # uat:-::::2006-08-03::27BAEAF742BD253C2F3F03B043DC1536880193C4::1 7993: + my $uidstatus = $1; + # $2 is hash of attribute data + my $size = $3 - 19; # FIXME: find a nicer way to find out picture size + $uid = "[jpeg image of size $size]"; + next if $uidstatus eq "r"; + if ($latex and not $photocount) { # call once per key + my ($shortkey) = substr $key, -8; + system "rm -f $shortkey.[1-9]*.eps"; + system "gpg --photo-viewer 'gpgsigs-eps-helper $shortkey' --list-options show-photos --list-key $key > /dev/null"; + $photocount = 1; + } + my ($shortkey) = substr $key, -8; + push @{$uids{$shortkey}}, $uid; next; } if ( m/^sig:(?:.*?:){3,3}([0-9A-F]{8})([0-9A-F]{8}):(?:.*?:){5,5}(.*?):/ ) { @@ -196,17 +202,26 @@ while () { } else { $class = 's'; }; - $sigs->{$key}->{$uid}->{$1.$2} = $class; - $sigs->{$key}->{$uid}->{$2} = $class; - next; - } - if ( m/^uat:/ ) { - $uid = "Photo ID"; + # Handle the case where one UID was signed multiple times + # with different signature classes. + my $before = $sigs->{$key}->{$uid}->{$1.$2}; + if (defined $before) { + if ($before eq 'S' || $before eq 's') { + $sigs->{$key}->{$uid}->{$1.$2} = $class; + } elsif ($class eq 'S' || $class eq 's') { + # intentionally left blank + } elsif ($before < $class) { + $sigs->{$key}->{$uid}->{$1.$2} = $class; + }; + } else { + $sigs->{$key}->{$uid}->{$1.$2} .= $class; + }; + $sigs->{$key}->{$uid}->{$2} = $sigs->{$key}->{$uid}->{$1.$2}; next; } - next if ( m/^(rev|sub|tru):/ ); + next if ( m/^(rev|rvk|sub|tru):/ ); # revoke/revoker/subkey/trust warn "unknown value: '$_', key: ".(defined $key ? $key :'none')."\n"; -} +} close SIGS; print STDERR "\n"; @@ -218,18 +233,46 @@ for my $k ( keys %{$sigs} ) { # read checksums -open MD, "gpg --print-md md5 $keytxt|" or warn "can't get gpg md5\n"; +open MD, "gpg --with-colons --print-md md5 $keytxt|" or warn "can't get gpg md5\n"; my $MD5 = ; close MD; -open MD, "gpg --print-md sha1 $keytxt|" or warn "can't get gpg sha1\n"; +open MD, "gpg --with-colons --print-md sha1 $keytxt|" or warn "can't get gpg sha1\n"; my $SHA1 = ; close MD; +open MD, "gpg --with-colons --print-md sha256 $keytxt|" or warn "can't get gpg sha256\n"; +my $SHA256 = ; +close MD; +open MD, "gpg --with-colons --print-md ripemd160 $keytxt|" or warn "can't get gpg ripemd160\n"; +my $RIPEMD160 = ; +close MD; + +my @MD5 = split /:/, $MD5; +my @SHA1 = split /:/, $SHA1; +my @SHA256 = split /:/, $SHA256; +my @RIPEMD160 = split /:/, $RIPEMD160; +$MD5 = $MD5[2]; +$SHA1 = $SHA1[2]; +$SHA256 = $SHA256[2]; +$RIPEMD160 = $RIPEMD160[2]; + +$MD5 =~ s/(.{16})/$1 /; +$SHA1 =~ s/(.{20})/$1 /; +$SHA256 =~ s/(.{32})/$1 /; +$RIPEMD160 =~ s/(.{20})/$1 /; +$MD5 =~ s/([0-9A-Z]{2})/$1 /ig; +$SHA1 =~ s/([0-9A-Z]{4})/$1 /ig; +$SHA256 =~ s/([0-9A-Z]{4})/$1 /ig; +$RIPEMD160 =~ s/([0-9A-Z]{4})/$1 /ig; chomp $MD5; chomp $SHA1; +chomp $SHA256; +chomp $RIPEMD160; my $metatxt = quotemeta($keytxt); $MD5 =~ s/^$metatxt:\s*//; $SHA1 =~ s/^$metatxt:\s*//; +$SHA256 =~ s/^$metatxt:\s*//; +$RIPEMD160 =~ s/^$metatxt:\s*//; # write out result @@ -238,6 +281,9 @@ sub print_tag my ($key, $uid) = @_; if (! defined $sigs->{$key}->{$uid}) { warn "uid '$uid' not found on key $key\n"; + #for (keys %{ $sigs->{$key} }) { + # print STDERR "only have $_\n"; + #}; return '(' . (' ' x @mykeys) . ')'; } my $r = '('; @@ -248,17 +294,54 @@ sub print_tag return $r; } +$key = undef; +$uid = undef; +my $line = 0; +my $keys = 0; print STDERR "Annotating $keytxt, writing into $outfile\n"; open (TXT, $keytxt) or die ("Cannot open $keytxt\n"); open (WRITE, '>'.$outfile) or die ("Cannot open $outfile for writing\n"); + +if ($latex) { + print WRITE <<'EOF'; +\documentclass{article} +\usepackage[margin=2cm]{geometry} +\usepackage{alltt} +\usepackage{graphicx} +\usepackage{grffile} +\begin{document} +\begin{alltt} +EOF +} + while () { - $_ = myfromrecode($_); + $line++; + $_ = myrecode($_, $fromcharset, $charset); if (/^MD5 Checksum:/ && defined $MD5) { s/[_[:xdigit:]][_ [:xdigit:]]+_/$MD5/; } if (/^SHA1 Checksum:/ && defined $SHA1) { s/[_[:xdigit:]][_ [:xdigit:]]+_/$SHA1/; } + if (/^SHA256 Checksum:/ && defined $SHA256) { + s/[_[:xdigit:]][_ [:xdigit:]]+_/$SHA256/; + } + if (/^RIPEMD160 Checksum:/ && defined $RIPEMD160) { + s/[_[:xdigit:]][_ [:xdigit:]]+_/$RIPEMD160/; + } + + if ( m/^[0-9]+\s+\[ \] Fingerprint OK/ ){ + if ($latex) { + if ($keys > 0) { + print WRITE "\\end{samepage}\n"; + } + print WRITE "\\begin{samepage}\n"; + ++$keys; + } + print WRITE; + next; + } + if ( m/^pub +(?:\d+)[DR]\/([0-9A-F]{8}) [0-9]{4}-[0-9]{2}-[0-9]{2} *(.*)/ ) { $key = $1; $uid = $2; @@ -266,11 +349,41 @@ while () { # print WRITE print_tag($key, $uid) . " $_"; # next; #} + print WRITE; + undef $photocount; + next; + } + + if ( m/^ *Key fingerprint/ ) { + print WRITE; + my $inc = ""; + foreach my $mykey (@mykeys) { + foreach my $myuid (@{$uids{$mykey}}) { + $inc .= defined $sigs->{$mykey}->{$myuid}->{$key} ? $sigs->{$mykey}->{$myuid}->{$key} : ' '; + } + } + print WRITE "[$inc] incoming signatures\n" if $inc =~ /\S/; + if ($refresh or $latex) { + foreach $uid (@{$uids{$key}}) { + print WRITE print_tag($key, $uid) . " $uid\n"; + if ($latex and ($uid =~ /^\[jpeg image/)) { + $photocount++; + print WRITE "\\begin{flushright}\n"; + print WRITE "\\includegraphics[height=3cm]{$key.$photocount}\n"; + print WRITE "\\end{flushright}\n"; + } + } + } + next; + } if ( m/^uid +(.*)$/ ) { $uid = $1; - die "key is undefined" unless defined $key; - die "uid is undefined, key $key" unless defined $uid; + next if $refresh or $latex; + unless (defined $key) { + warn "key is undefined - input text is possibly malformed near line $line\n"; + next; + }; die "bad tag from $key | $uid" unless defined (print_tag($key, $uid)); print WRITE print_tag($key, $uid) . " $_"; next; @@ -278,12 +391,35 @@ while () { print WRITE; } +if ($latex && ($keys > 0)) { + print WRITE "\\end{samepage}\n"; +} + print WRITE "Legend:\n"; +my $num_myuids = 0; foreach my $i (0 .. @mykeys - 1) { - print WRITE '('. ' 'x$i . 'S' . ' 'x(@mykeys-$i-1) . ") signed with $mykeys[$i]\n"; + print WRITE '(' . ' 'x$i . 'S' . ' 'x(@mykeys-$i-1) . ") signed with $mykeys[$i] $uids{$mykeys[$i]}->[0]\n"; + $num_myuids += @{$uids{$mykeys[$i]}}; +} +my $i = 0; +foreach my $mykey (@mykeys) { + foreach my $myuid (@{$uids{$mykey}}) { + my $inc = defined $sigs->{$mykey}->{$myuid}->{$key} ? $sigs->{$mykey}->{$myuid}->{$key} : ' '; + print WRITE "[" . ' 'x$i . 'S' . ' 'x($num_myuids-$i-1) . "] has signed $mykey $myuid\n"; + $i++; + } } close TXT; +if ($latex) { + print WRITE <<'EOF'; +\end{alltt} +\end{document} +EOF +} + +close WRITE; + __END__ =head1 NAME @@ -292,33 +428,44 @@ B - annotate list of GnuPG keys with already done signatures =head1 SYNOPSIS -B [-r] [-f I] [-t I] II<[>B<,>IB<,>I<...>I<]>>I<]> F [F] +B [I] II<[>B<,>IB<,>I<...>I<]>>I<]> F [F] =head1 DESCRIPTION B was written to assist the user in signing keys during a keysigning party. It takes as input a file containing keys in C format and prepends every line with a tag indicating if the user has already signed -that uid. When the file contains C or C lines -and placeholders (C<__ __>), the checksum is inserted. +that uid. When the file contains C lines and placeholders +(C<__ __>), the checksum is inserted. ALGO can be set to the following algorithms: +MD5 SHA1 SHA256 or RIPEMD160. =head1 OPTIONS =over -=item -r +=item B<-r> Call I before creating the output. -=item -f I +=item B<-f> I Convert F from I. The default is ISO-8859-1. -=item -t I +=item B<-t> I Convert UIDs to I. The default is derived from LC_ALL, LC_CTYPE, and LANG, and if all these are unset, the default is ISO-8859-1. +=item B<--refresh> + +Refresh the UID lists per key from gpg. Useful when UIDs were added or revoked +since the input text was generated. + +=item B<--latex> + +Generate LaTeX output, including photo IDs. Implies B<--refresh>. +B This writes eps files to the current directory. + =item I Use this keyid (8 or 16 byte) for annotation. Multiple keyids can be separated @@ -359,7 +506,7 @@ http://pgp-tools.alioth.debian.org/ (c) 2004, 2005 Peter Palfrader -(c) 2004, 2005 Christoph Berg +(c) 2004, 2005, 2006, 2007 Christoph Berg =head1 LICENSE